Back Door
Part of a software development (website, web app etc.) that is left open for update purposes but can also be used by hackers or bots.
A bot, or robot, is a technology that is developed to perform an automated task. Malicious bots can be used to bombard websites or other applications multiple times per second to try to override the security gateways.
Botnet – Robot Network
Data Diddling
Also known as false data entry. The unauthorised editing of information whilst it is being entered into a computer. Examples of data diddling include counterfeiting, alterations to security clearance, changing grades or credit ratings.
Also known as data loss. Usually unapproved and sometimes illegal loss of information that is transferred elsewhere. This could be due to physical removal (USB sticks/CDs, printouts), memorised information through to data hiding (within digital images for example).
Denial of Service – (DoS)
A DoS attack is a purposeful blocking or flooding of an internet service with useless traffic. The ill-intended gains from such activity could be blackmail or fraud – e.g. blocking access to banking systems for credit card fraud.
Using a larger network of multiple computers to launch a DoS.
DNS Cache Poisoning
Also known as DNS (Domain Name System) Spoofing. The practice involves corrupting the server domain name and replacing it with another IP address. Once redirected to the fraudulent IP address, malware/viruses can then infect this computer.
An illegitimate and unexpected function within a computer programme. Called an Easter Egg as it can be hard to find.
A way of manipulating a weakness or vulnerability in a computer programme or script. The end result is that a third party takes control of the system.
Also known as cracking. Malicious interference with web applications/computers, for example password breaking or code injections. Hacking can be carried out for various reasons ranging from financial to political.
Hacking that is predominantly done for political reasons.
Fraudulently using someone else’s personal details for illegal gains, usually financial. Personal details that are used can include NI Numbers, birth date, address etc.
Pretending to be another person, usually for fraudulent reasons.
The time period from when a virus or malware embeds itself into an application/computer until it becomes active. During the latency period the virus can remain inactive and hidden or can be programmed to reproduce.
Logic Bomb – also known as Slag Code or Trojan Horse
A common form of virus that becomes active when certain conditions are met – i.e. a time lapse, pressing a keyboard combination, or responding to a computer command. Once the action occurs, the script within the bomb is activated.
A type of denial of service. The sending of huge volumes of email to overwhelm a mail server.
The lead or centralised programme that controls the DoS or distributed DoS attacks.
Hacking into networks or Wi-Fi to gain unauthorised access. Encrypted gateways and passwords help reduce the risk of Piggybacking.
Similar to DNS cache poisoning. A scamming practice using malicious code to redirect users to dishonest or fake websites without their knowledge.
Unofficial telephone calls, emails or websites that trap users into giving out personal information/financial information/passwords. The data is then used for financial or identity fraud. Phishing emails often contain a link that needs to be clicked or an attachment to be opened. Spear Phishing can take the form of an email that appears to be from someone you know, giving a false sense of security that it is an authorised request for personal information or passwords.
A pack of tools or code that, once maliciously installed on a computer, allows the hacker to gain access to passwords, change access permissions and monitor the computer secretly without being detected.
Deliberate malicious attacks on computer systems to cause damage and disruption. Reasons for sabotage include financial, espionage or political.
Salami Theft/Slicing – also known as Penny Shaving
The process of using small fraudulent activities, usually for financial gains, that accumulate into larger-scale theft. The smaller-scale thefts are often undetected until it’s too late.
Using discarded data, back-up tapes or copies of old files to try and find data that could be valuable for illegal purposes. The data could be sensitive data such as passwords, personal details, confidential client data or code files.
Generally speaking, a line of code that enables a particular action. When used for illegal or criminal activity, the script can be written for virus activation for example. Scripts can also inject code to steal data or disrupt service.
The process of covert online activity to mask fraudulent activity. For example, transactions, credit card fraud etc.
Sending unauthorised/unrequested or unsolicited emails offering services or goods. Usually sent in huge volume and can often include Phishing links.
Spam Over Instant Messaging – through texting.
Spam over internet telephony.
Another type of cyber-crime linked to Phishing and Pharming. A hacker pretends to be the authorised user and attempts to access sensitive or financial information.
Using scripts/code that enable the overriding of normal security controls, therefore enabling access to sensitive data.
Deliberate and unauthorised destruction of data/networks/computer systems.
Premeditated code that will multiply and spread through a computer or network causing destruction of data or financial loss. Viruses can also change normal computer functions into Trojan horse viruses.
An inherent weakness of a piece of software or operating system that allows hackers to gain access to the system. See Back Door above.
Unauthorised listening or monitoring of data or voice transmissions. Usually for fraudulent financial or political gain.
Similar to a virus. Can reproduce, but does not alter executable files. Worms tend to sit in the background and can go unnoticed until the computer starts slowing down or malfunctioning.
A programme that is used to access another computer and lays dormant until instructed to activate.